This Personal Data Protection Policy aims to inform you of the way we process your personal data as an controller, as well as your rights.
We are a limited liability company named GRANITI EOOD, with UIC 121205956, with headquarters and address of management: SOFIA, No. 1 SELYOLU str. and Manager YAKUP BAYRA
In the company, your right to privacy is a top priority and it is implemented in the design and construction of our systems. Your right to the protection of personal data is found to be a restriction of processing, so in any case you can fully trust us and focus on your pleasant stay in our hotels. By giving us your information, you trust us and this makes us assume full responsibility for its lawful processing. We approach with responsibly and attach great importance to the protection of your personal information, provided to us by you upon registration as a customer of our hotels through our site.
The most important thing is to understand the information we process and what your choices are.
2. Information we collect
The personal data processed by Graniti EOOD on our company website are: Upon your registration, for the purpose of making a reservation in our hotels, we process the personal data provided by you: name, surname, last name, email, address, telephone number.
3. “Cookie” and other similar data collection technologies
We also use “cookies” (small text files sent from your computer each time you visit our website) or similar data capture technologies. When we use “cookies” or similar technologies, we use session cookies (they persist until you close your browser) or persistent cookies (which continue while you or your browser deletes them).
Data in the log files. When you use the site, our servers record information (“log data”), including information that your browser automatically sends when you visit a website or your mobile app automatically sends when you use it. This “log data” includes the Internet Protocol address, the address and activity of the websites you visit, searches, browser type and settings, the date and time of your request, how you used the site, “cookies” data, and device data. If you wish to receive more details about the information we collect – contact us via the contact form.
Information about the device. In addition to the data in the log, we collect information about the device through which you use our website, including device type, operating system, settings, unique device identifiers and crash data that help us find out when something breaks. Whether we collect some or all of the information often depends on the type of device you use and its settings. For example, there are different types of information depending on whether you’re using a MAC or a computer or an iPhone or Android phone.
To learn more about what information your device can make available to us, please check the device manufacturer or software vendor policy.
3. How we use information
We process your personal data on the following grounds:
• Fulfilling legal obligations, including the fulfilment of statutory obligations to maintain or provide information upon receipt of appropriate disposition by competent state or judicial authorities, providing the possibility of carrying out the control powers of the competent state authorities, in fulfilling the legal obligations of the company to notify you of various circumstances related to your rights, to the services provided or to the protection of your data, etc.
• Conclusion and execution of contracts for the provision of the goods to the Company.
• Enforcing the legitimate interests of users of the Services, third parties such as members, other users, employers, Representatives of employers, etc.
We process your information for the following purposes:
• According to your specific customer order, when selling, when preparing a quote or in response to your enquiry concerning the goods and services we offer.
4. How we share information
As our goal is to help you book your stay easily and conveniently, we share some users’ information with service providers and partners who help us maintain our services. For more details on sharing your information with others, please read the following:
• With our service providers and partners
We use third parties to help us operate and improve our services. These third parties help us with various tasks, including hosting and data support, analytics. When sharing information, we comply with legal requirements or limit ourselves to non-personal information.
We follow a rigorous verification process before engaging with a service provider or working with a partner. All our service providers and partners must accept strict confidentiality obligations.
• When required by law
We may disclose your information if reasonably necessary: 1. To comply with a legal process such as, for example, a court order, subpoena or search warrant, investigation, law enforcement or other legal requirements; 2. To assist in the prevention or detection of criminal offences (applicable law applies in each case); or 3. To protect the safety of a person.
• With consent or upon request
We may ask for consent to share your information with third parties. In each individual case, we will clarify why we want to share your information.
5. Cross-border data transfers
The company does not carry out data transfers outside the European Union.
6. Your rights
You, as subject to the processing of personal data, have the right to exercise the rights listed below.
Before you have this opportunity, we need to identify you, and we will carry out your identification on the spot at our reception desks.
The deadline specified in the regulation for answering your request is up to 1 (one) month, which we will comply with following the procedures we have adopted.
You can submit your request in paper form – at our reception desks and we will notify you in the way you have indicated about the outcome of every request made by you under the GDPR.
List of your rights:
• Right to withdraw your consent to the processing of your personal data at any time in accordance with the requirements of the Regulation;
• Right to correct personal data – if you believe there is an error in the personal data collected about you, you may request their correction. You will need to identify the correct data to us.
• Right to access your personal data – you have the right to receive confirmation whether we process your personal data and, if so, to access it. Together with the data we will also give you access to the mandatory information described in art. 15, item 1 of the Regulation.
• Right to erase your personal data – you may want “to be forgotten” and we will assess whether the requirements of art. 17 of the Regulation apply.
• Right to restriction of processing – means marking of the stored personal data in order to limit their processing in the future. If you want us to keep your personal data without processing it, you can file/send a request under this article.
• Right to data portability – you may ask the personal data we have collected about you to be transmitted in a structured, commonly used and machine-readable form. Currently, we are not able to directly transfer your data to another controller.
• Right to object – you may object to the processing of your personal data at any time, including for profiling and direct marketing.
• The right to request the controller of your personal data to notify third parties to whom the controller has provided your data regarding correction, erasure or restriction of the processing of personal data. In all cases, when you exercise any of the above rights, we will notify those third parties of your request.
• You are entitled to a complaint to the Commission for Personal Data Protection, which is filed in a form and with the requisites required by law.
7. Accuracy of Information
The company is not responsible for the correctness of the data you provided on our site and therefore carries out checks upon your arriving at our hotel reception desks. In all cases of suspected fraud and/or misuse of your personal data, please inform us immediately.
8. How we protect your information
Considering the complexity of the problem we have emphasized on the following types of personal data protection – physical, personal, documentary and protection of automated information systems and networks. In applying the new requirements of the regulation, we use cryptographic protection in data transmission.
9. How long we store your information
We store your information for as long as it is necessary for our legitimate interests or is defined in the legislation of the country. Time limit for storing personal data: The period for which we will store your personal data is within 1 year after which they will be destroyed. The period of destruction of your data may be longer than one year in cases where the Bulgarian legislation requires it.